Frédéric Brière
2007-Aug-14 02:38 UTC
[Logcheck-devel] Bug#437753: logcheck-database: proftpd ignore rule does not match when rhost is IPv6
Package: logcheck-database Version: 1.2.54 Severity: normal It would appear that proftpd is now logging IP addresses in IPv6 form, even the v4 ones. I got a bunch of these last week: Aug 7 04:00:11 goretex proftpd: (pam_unix) authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=::ffff:58.60.237.66 user=mysql Simply adding a ":" to the rhost character class did the trick for me. -- System Information: Debian Release: lenny/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Kernel: Linux 2.6.21-2-k7 (SMP w/1 CPU core) Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash
Reasonably Related Threads
- Bug#443886: /etc/logcheck/ignore.d.server/proftpd: [proftpd] Refused user $USER for service $FOO
- Bug#437891: logcheck-database: addition to ignore rule for bind's RCODE
- Bug#397466: logcheck-database: proftpd rules do not support IPv6 addresses with UseReverseDNS off
- Bug#445074: /etc/logcheck/ignore.d.server/ssh: Nasty PTR record
- Bug#445072: /etc/logcheck/violations.ignore.d/logcheck-ssh: Failed password for ...